Step up security for Indian users: Government to Google, Yahoo, Facebook and Twitter

MeitY has also asked the National Informatics Center (NIC), which offers email services to government employees, to ensure foolproof security of its systems and servers.Muntazir Abbas | ETTelecom | December 16, 2016, 23:30 IST

NEW DELHI: The government information and technology department has asked email service providers Google and Yahoo, and social networking platforms Facebook and Twitter to strengthen their security systems to safeguard Indian users in the wake of the recent incidents of cyber-hacking.

“Protecting public websites, citizens email accounts and social media handles is also our responsibility at the end of the day, and we have told these social media sites, etc., to put adequate security measures in place,” Aruna Sundararajan, secretary in the ministry of electronics and information technology (MeitY), told ET.

Email service provider Yahoo recently revealed that hackers had compromised as many as 1 billion user accounts worldwide in the course of the last few years due to its own security flaw.

"The incidents disclosed on December 14, 2016, had a global impact. We are not offering specificity with regard to the impact on particular countries or regions," a Yahoo Inc spokesperson said in a statement to ET.

Twitter declined to comment while Google and Facebook did not respond to ET’s queries on the matter.

Even as the government embarks on the ambitious ‘Digital India’ programme encompassing a host of online and mobile services, including mBanking and electronic delivery of public services, cyber security remains an area of concern, say analysts.

MeitY is currently probing the hacking of Congress vice-president Rahul Gandhi’s Twitter account by the Legion group, and after the initial response from US-based micro-blogging company Twitter, it has sought “additional” details from Gandhi.

“We are in a constant dialogue with the company. Twitter has also sought more details to probe the matter further,” the top IT official said.

Twitter, however, said the breach did not occur from its side.

The Legion group, which also hacked into the Twitter accounts of the Indian National Congress, liquor baron Vijay Mallya, journalists Barkha Dutt and Ravish Kumar, as well as news channel NDTV, claims to have dumped email addresses and passwords of nearly 75,000 chartered accountants in the country.

Legion earlier threatened to hack the Indian Parliament website sansad.nic.in, and over an encrypted text chat with the Times of India newspaper on Wednesday, indirectly attacked Delhi Police, saying policemen should spend their time thinking of “better passwords” for their servers rather than chasing them.

The government itself is a big IT user, with various websites of ministries, departments and public-sector firms, including people-facing web interfaces for various government-to-citizen services that host critical data.

“We need to secure top sites, vulnerable data and public interfaces. We are hardening security for these sites, putting additional layers, and have already conducted detailed system-wide audits covering devices, networks, mobile applications and end usage as far as government systems are concerned,” Sundararajan said.

MeitY has also asked the National Informatics Center (NIC), which offers email services to government employees, to ensure foolproof security of its systems and servers.

On the back of a surge in digital payments after the government announced its demonetisation move on November 8, the department has also issued about seven advisories to banks and financial institutions, including the Reserve Bank of India, and has strengthened cyber reporting system.

“We don’t want to take any chance and have started special audits and cyber security drills in banks,” the official said.

MeitY, which is now working almost 14 to 16 hours a day, has asked public-sector organisations and departments across central and state governments to employ chief information security officers (CISO) in a view to separate IT functions from that of security capabilities.

Several people ET spoke with about Ericsson’s India operations, including its current and former employees, said the Stockholm-based firm has reduced headcount in the last one year or so across functions, in line with its global restructuring.